subject:"\[Openvpn\-devel\] \[PATCH 1\/2\] crypto_openssl.c\: fix heap\-buffer\-overflow found by AddressSanitizer"

Re: [Openvpn-devel] [PATCH 1/2] crypto_openssl.c: fix heap-buffer-overflow found by AddressSanitizer

2019-01-22 Thread Arne Schwabe

Am 22.01.19 um 12:02 schrieb Lev Stipakov:
> From: Lev Stipakov 
> 
> OpenSSL's version of crypto_pem_encode() uses PEM_write_bio()
> function to write PEM-encoded data to BIO object. That method doesn't
> add NUL termanator, unlike its mbedTLS counterpart mbedtls_pem_write_buffer().
> 
> The code which uses PEM data treats it as a string, so missing NUL
> terminator makes sanitizer to compain.
> 
> Fix by adding a NUL terminator.
> 
> Signed-off-by: Lev Stipakov 
> ---
>  src/openvpn/crypto_openssl.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
> index 9691ce0..6a49067 100644
> --- a/src/openvpn/crypto_openssl.c
> +++ b/src/openvpn/crypto_openssl.c
> @@ -400,8 +400,9 @@ crypto_pem_encode(const char *name, struct buffer *dst,
>  BUF_MEM *bptr;
>  BIO_get_mem_ptr(bio, );
>  
> -*dst = alloc_buf_gc(bptr->length, gc);
> +*dst = alloc_buf_gc(bptr->length + 1, gc);
>  ASSERT(buf_write(dst, bptr->data, bptr->length));
> +*BEND(dst) = '\0';

buf_null_terminate(dst) is a better function here :)

Otherwise ACK, fixes the problem.

Arne



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/2] crypto_openssl.c: fix heap-buffer-overflow found by AddressSanitizer

2019-01-22 Thread Lev Stipakov

From: Lev Stipakov 

OpenSSL's version of crypto_pem_encode() uses PEM_write_bio()
function to write PEM-encoded data to BIO object. That method doesn't
add NUL termanator, unlike its mbedTLS counterpart mbedtls_pem_write_buffer().

The code which uses PEM data treats it as a string, so missing NUL
terminator makes sanitizer to compain.

Fix by adding a NUL terminator.

Signed-off-by: Lev Stipakov 
---
 src/openvpn/crypto_openssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 9691ce0..6a49067 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -400,8 +400,9 @@ crypto_pem_encode(const char *name, struct buffer *dst,
 BUF_MEM *bptr;
 BIO_get_mem_ptr(bio, );
 
-*dst = alloc_buf_gc(bptr->length, gc);
+*dst = alloc_buf_gc(bptr->length + 1, gc);
 ASSERT(buf_write(dst, bptr->data, bptr->length));
+*BEND(dst) = '\0';
 
 ret = true;
 cleanup:
-- 
2.7.4



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 1/2] crypto_openssl.c: fix heap-buffer-overflow found by AddressSanitizer

[Openvpn-devel] [PATCH 1/2] crypto_openssl.c: fix heap-buffer-overflow found by AddressSanitizer

2 matches

Site Navigation

Mail list logo

Footer information